ContaoCMS (fka TYPOlight) 2.11 CSRF (Delete Admin- Delete Article)

ContaoCMS (fka TYPOlight) 2.11 version (and lower) in affected by a CSRF vulnerability which allows to delete administrator/users, delete article, news, newsletter and so on.
I’ve created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti’s Advisory

Other web sites have reported my security Advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1297
http://osvdb.org/show/osvdb/79635
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18527/
http://secunia.com/advisories/48180/
http://www.securelist.com/en/advisories/48180
http://xforce.iss.net/xforce/xfdb/73479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1297
https://bugs.launchpad.net/bugs/cve/2012-1297
http://cxsecurity.com/cveshow/CVE-2012-1297/
http://www.cvedetails.com/cve/CVE-2012-1297/

 

 

D-Link DSL-2640B "0day" Vulnerabilities

SecurityFocus (http://www.securityfocus.com/) has assigned me three BID (Bugtraq ID) related to “0day” Dlink and Cisco Linksys vulnerabilities regarding design flaws and exploitable using CSRF:

Following you can read more details about them:
http://www.securityfocus.com/bid/52096
http://www.securityfocus.com/bid/52129
http://www.securityfocus.com/bid/52105

DFLabs PTK <= 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials)

To view my Original Advisory:
DFLabs PTK 1.0.5 Multiple Vulnerabilities (Steal Authentication Credentials)

Other related publications:
http://osvdb.org/show/osvdb/80765
http://xforce.iss.net/xforce/xfdb/73404
http://www.exploit-db.com/exploits/18513/
http://packetstormsecurity.org/files/110102/DFLabs-PTK-1.0.5-Cross-Site-Request-Forgery.html
http://1337day.com/exploits/17564

D-Link DSL-2640B Authentication Bypass

This router allows an attacker to bypass authentication and to login with administrator (“admin”) credentials. In fact when the administrator is logged in and an internal attacker will connect to web management interface (default is http://192.168.1.1:80) he will be able to see the MAC Address of logged admin. Symply changing his MAC Address the attacker can bypass authentication and login as administrator.

Fore more details

http://www.exploit-db.com/exploits/18511/
http://packetstormsecurity.org/files/110117/D-Link-DSL-2640B-Authentication-Bypass.html
http://www.securityfocus.com/bid/52129
http://xforce.iss.net/xforce/xfdb/73379
http://osvdb.org/79617
http://1337day.com/exploit/17562

 

ForkCMS 3.2.5 CSRF and XSS "0day" Vulnerabilities

Today I’ve discovered multiple vulnerability into Fork CMS 3.2.5. I think there are also  this vulnerabilities  in version 3.2.6.

Other pubblication related to these vulnerabilities:
http://packetstormsecurity.org/files/110048/ForkCMS-3.2.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/18505/
http://secunia.com/advisories/48067
http://osvdb.org/show/osvdb/79444 
http://xforce.iss.net/xforce/xfdb/73394
http://www.securelist.com/en/advisories/48067
www.1337day.com/exploits/17557